<?php

	session_start();
	
	if(!array_key_exists("class", $_POST) && !array_key_exists("question", $_POST)){
		header("Location: ../common/redirect.php");
		exit;
	}
	
	include_once("../class/db.php");
	$db = new db();
	
	$class = preg_replace("/[^a-zA-Z0-9_@\-\.\s]/", "", $_POST['class']);
	$question = preg_replace("/[^a-zA-Z0-9_@\-\.\s]/", "", $_POST['question']);
	$answer = preg_replace("/[^a-zA-Z0-9_@\-\.\s]/", "", $_POST['answer']);
	$country = $_POST['country'];
	$username = $_SESSION['user'];
	
	$sql = "UPDATE users SET class = '$class', secure_question = '$question', secure_answer = '$answer', country = '$country' WHERE username = $username";
	$db->execute($sql, "none");
	
	header("Location: main.php");
	exit;
	
	
?>